CVE-2018-5130 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
mozilla	CNA	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 78%

Affected Products (NVD)

Vendor	Product	Version
debian	debian_linux	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.4
redhat	enterprise_linux_server_eus	7.4
redhat	enterprise_linux_server_eus	7.5
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	17.10
mozilla	firefox	𝑥 < 52.7.0
mozilla	firefox	𝑥 < 59.0

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
mozilla	firefox_esr	𝑥 < 52.7	CNA
mozilla	firefox_esr	𝑥 < 59	CNA

Debian Releases

Debian Product

Codename

firefox

sid	132.0.1-1 fixed

firefox-esr

bookworm	115.14.0esr-1~deb12u1 fixed
bookworm (security)	128.4.0esr-1~deb12u1 fixed
bullseye	115.14.0esr-1~deb11u1 fixed
bullseye (security)	128.4.0esr-1~deb11u1 fixed
sid	128.4.0esr-1 fixed
trixie	128.3.1esr-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

firefox

artful	Fixed 59.0+build5-0ubuntu0.17.10.1 released
bionic	Fixed 59.0.1+build1-0ubuntu1 released
trusty	Fixed 59.0+build5-0ubuntu0.14.04.1 released
xenial	Fixed 59.0+build5-0ubuntu0.16.04.1 released

openSUSE / SLES Releases

openSUSE Product

Release

MozillaFirefox

suse enterprise desktop 15	52.7.3-1.35 fixed
suse enterprise desktop 15 SP1	60.6.2-3.32.1 fixed
suse enterprise desktop 15 SP2	68.8.0-3.87.1 fixed
suse enterprise desktop 15 SP3	78.10.0-8.38.1 fixed
suse enterprise desktop 15 SP4	91.8.0-150200.152.26.1 fixed
suse enterprise desktop 15 SP5	102.11.0-150200.152.87.1 fixed
suse enterprise desktop 15 SP6	115.10.0-150200.152.134.1 fixed
suse enterprise desktop 15 SP7	128.9.0-150200.152.176.1 fixed
suse enterprise sap 12 SP5	68.1.0-109.92.1 fixed
suse enterprise sap 15	52.7.3-1.35 fixed
suse enterprise sap 15 SP1	60.6.2-3.32.1 fixed
suse enterprise sap 15 SP2	68.8.0-3.87.1 fixed
suse enterprise sap 15 SP3	78.10.0-8.38.1 fixed
suse enterprise sap 15 SP4	91.8.0-150200.152.26.1 fixed
suse enterprise sap 15 SP5	102.11.0-150200.152.87.1 fixed
suse enterprise sap 15 SP6	115.10.0-150200.152.134.1 fixed
suse enterprise sap 15 SP7	128.9.0-150200.152.176.1 fixed
suse enterprise server 12 SP5	68.1.0-109.92.1 fixed
suse enterprise server 15	52.7.3-1.35 fixed
suse enterprise server 15 SP1	60.6.2-3.32.1 fixed
suse enterprise server 15 SP2	68.8.0-3.87.1 fixed
suse enterprise server 15 SP3	78.10.0-8.38.1 fixed
suse enterprise server 15 SP4	91.8.0-150200.152.26.1 fixed
suse enterprise server 15 SP5	102.11.0-150200.152.87.1 fixed
suse enterprise server 15 SP6	115.10.0-150200.152.134.1 fixed
suse enterprise server 15 SP7	128.9.0-150200.152.176.1 fixed

MozillaFirefox-devel

suse enterprise desktop 15	52.7.3-1.35 fixed
suse enterprise desktop 15 SP1	60.6.2-3.32.1 fixed
suse enterprise desktop 15 SP2	68.8.0-3.87.1 fixed
suse enterprise desktop 15 SP3	78.10.0-8.38.1 fixed
suse enterprise desktop 15 SP4	91.8.0-150200.152.26.1 fixed
suse enterprise desktop 15 SP5	102.11.0-150200.152.87.1 fixed
suse enterprise desktop 15 SP6	102.12.0-150200.152.90.1 fixed
suse enterprise desktop 15 SP7	102.12.0-150200.152.90.1 fixed
suse enterprise sap 15	52.7.3-1.35 fixed
suse enterprise sap 15 SP1	60.6.2-3.32.1 fixed
suse enterprise sap 15 SP2	68.8.0-3.87.1 fixed
suse enterprise sap 15 SP3	78.10.0-8.38.1 fixed
suse enterprise sap 15 SP4	91.8.0-150200.152.26.1 fixed
suse enterprise sap 15 SP5	102.11.0-150200.152.87.1 fixed
suse enterprise sap 15 SP6	102.12.0-150200.152.90.1 fixed
suse enterprise sap 15 SP7	102.12.0-150200.152.90.1 fixed
suse enterprise server 15	52.7.3-1.35 fixed
suse enterprise server 15 SP1	60.6.2-3.32.1 fixed
suse enterprise server 15 SP2	68.8.0-3.87.1 fixed
suse enterprise server 15 SP3	78.10.0-8.38.1 fixed
suse enterprise server 15 SP4	91.8.0-150200.152.26.1 fixed
suse enterprise server 15 SP5	102.11.0-150200.152.87.1 fixed
suse enterprise server 15 SP6	102.12.0-150200.152.90.1 fixed
suse enterprise server 15 SP7	102.12.0-150200.152.90.1 fixed

MozillaFirefox-translations-common

suse enterprise desktop 15	52.7.3-1.35 fixed
suse enterprise desktop 15 SP1	60.6.2-3.32.1 fixed
suse enterprise desktop 15 SP2	68.8.0-3.87.1 fixed
suse enterprise desktop 15 SP3	78.10.0-8.38.1 fixed
suse enterprise desktop 15 SP4	91.8.0-150200.152.26.1 fixed
suse enterprise desktop 15 SP5	102.11.0-150200.152.87.1 fixed
suse enterprise desktop 15 SP6	115.10.0-150200.152.134.1 fixed
suse enterprise desktop 15 SP7	128.9.0-150200.152.176.1 fixed
suse enterprise sap 12 SP5	68.1.0-109.92.1 fixed
suse enterprise sap 15	52.7.3-1.35 fixed
suse enterprise sap 15 SP1	60.6.2-3.32.1 fixed
suse enterprise sap 15 SP2	68.8.0-3.87.1 fixed
suse enterprise sap 15 SP3	78.10.0-8.38.1 fixed
suse enterprise sap 15 SP4	91.8.0-150200.152.26.1 fixed
suse enterprise sap 15 SP5	102.11.0-150200.152.87.1 fixed
suse enterprise sap 15 SP6	115.10.0-150200.152.134.1 fixed
suse enterprise sap 15 SP7	128.9.0-150200.152.176.1 fixed
suse enterprise server 12 SP5	68.1.0-109.92.1 fixed
suse enterprise server 15	52.7.3-1.35 fixed
suse enterprise server 15 SP1	60.6.2-3.32.1 fixed
suse enterprise server 15 SP2	68.8.0-3.87.1 fixed
suse enterprise server 15 SP3	78.10.0-8.38.1 fixed
suse enterprise server 15 SP4	91.8.0-150200.152.26.1 fixed
suse enterprise server 15 SP5	102.11.0-150200.152.87.1 fixed
suse enterprise server 15 SP6	115.10.0-150200.152.134.1 fixed
suse enterprise server 15 SP7	128.9.0-150200.152.176.1 fixed

MozillaFirefox-translations-other

suse enterprise desktop 15	52.7.3-1.35 fixed
suse enterprise desktop 15 SP1	60.6.2-3.32.1 fixed
suse enterprise desktop 15 SP2	68.8.0-3.87.1 fixed
suse enterprise desktop 15 SP3	78.10.0-8.38.1 fixed
suse enterprise desktop 15 SP4	91.8.0-150200.152.26.1 fixed
suse enterprise desktop 15 SP5	102.11.0-150200.152.87.1 fixed
suse enterprise desktop 15 SP6	115.10.0-150200.152.134.1 fixed
suse enterprise desktop 15 SP7	128.9.0-150200.152.176.1 fixed
suse enterprise sap 15	52.7.3-1.35 fixed
suse enterprise sap 15 SP1	60.6.2-3.32.1 fixed
suse enterprise sap 15 SP2	68.8.0-3.87.1 fixed
suse enterprise sap 15 SP3	78.10.0-8.38.1 fixed
suse enterprise sap 15 SP4	91.8.0-150200.152.26.1 fixed
suse enterprise sap 15 SP5	102.11.0-150200.152.87.1 fixed
suse enterprise sap 15 SP6	115.10.0-150200.152.134.1 fixed
suse enterprise sap 15 SP7	128.9.0-150200.152.176.1 fixed
suse enterprise server 15	52.7.3-1.35 fixed
suse enterprise server 15 SP1	60.6.2-3.32.1 fixed
suse enterprise server 15 SP2	68.8.0-3.87.1 fixed
suse enterprise server 15 SP3	78.10.0-8.38.1 fixed
suse enterprise server 15 SP4	91.8.0-150200.152.26.1 fixed
suse enterprise server 15 SP5	102.11.0-150200.152.87.1 fixed
suse enterprise server 15 SP6	115.10.0-150200.152.134.1 fixed
suse enterprise server 15 SP7	128.9.0-150200.152.176.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

firefox

RHEL 6	0:52.7.0-1.el6_9 fixed
RHEL 7	0:52.7.0-1.el7_4 fixed

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://www.securityfocus.com/bid/103388

http://www.securitytracker.com/id/1040514

https://access.redhat.com/errata/RHSA-2018:0526

https://access.redhat.com/errata/RHSA-2018:0527

https://bugzilla.mozilla.org/show_bug.cgi?id=1433005

https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

https://security.gentoo.org/glsa/201810-01

https://usn.ubuntu.com/3596-1/

https://www.debian.org/security/2018/dsa-4139

https://www.mozilla.org/security/advisories/mfsa2018-06/

https://www.mozilla.org/security/advisories/mfsa2018-07/

http://www.securityfocus.com/bid/103388

http://www.securitytracker.com/id/1040514

https://access.redhat.com/errata/RHSA-2018:0526

https://access.redhat.com/errata/RHSA-2018:0527

https://bugzilla.mozilla.org/show_bug.cgi?id=1433005

https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

https://security.gentoo.org/glsa/201810-01

https://usn.ubuntu.com/3596-1/

https://www.debian.org/security/2018/dsa-4139

https://www.mozilla.org/security/advisories/mfsa2018-06/

https://www.mozilla.org/security/advisories/mfsa2018-07/